Skip to content

Commit 2f1b686

Browse files
CrashedmindCrashedmind
committed
Deployed fcfba70 with MkDocs version: 1.5.3
1 parent 8c28a37 commit 2f1b686

5 files changed

Lines changed: 69 additions & 37 deletions

File tree

cisa_kev/cisa_kev/index.html

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1284,6 +1284,22 @@ <h1 id="cisa-kev"><abbr title="Cybersecurity &amp; Infrastructure Security Agenc
12841284
</li>
12851285
</ul>
12861286
</div>
1287+
<div class="admonition info">
1288+
<p class="admonition-title"><abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> <abbr title="Known Exploited Vulnerability">KEV</abbr> currently includes ~1.1K CVEs, and defines criteria for inclusion</p>
1289+
<p><abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerabilities Catalog (<abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> <abbr title="Known Exploited Vulnerability">KEV</abbr>) is a source of vulnerabilities that have been exploited in the wild</p>
1290+
<p>There's several criteria including:</p>
1291+
<div class="admonition quote">
1292+
<p class="admonition-title">Quote</p>
1293+
<p>"A vulnerability under active exploitation is one for which there is reliable evidence that execution of malicious code was performed by an actor on a system without permission of the system owner." </p>
1294+
<p>"Events that do not constitute as active exploitation, in relation to the <abbr title="Known Exploited Vulnerability">KEV</abbr> catalog, include:</p>
1295+
<ul>
1296+
<li>Scanning</li>
1297+
<li>Security research of an exploit</li>
1298+
<li>Proof of Concept (PoC)</li>
1299+
</ul>
1300+
<p><a href="https://www.cisa.gov/known-exploited-vulnerabilities">https://www.cisa.gov/known-exploited-vulnerabilities</a> </p>
1301+
</div>
1302+
</div>
12871303
<div class="admonition quote">
12881304
<p class="admonition-title">Quote</p>
12891305
<p>“All federal civilian executive branch (FCEB) agencies are required to <abbr title="The neutralization or elimination of a vulnerability or the likelihood of its exploitation.">remediate</abbr> vulnerabilities in the <abbr title="Known Exploited Vulnerability">KEV</abbr> catalog within prescribed timeframes under Binding Operational Directive (BOD) 22-01, Reducing the Significant <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> of Known Exploited Vulnerabilities. Although not bound by BOD 22-01, every organization, including those in state, local, tribal, and territorial (SLTT) governments and <strong>private industry can significantly strengthen their security and resilience posture by prioritizing the remediation of the vulnerabilities listed in the <abbr title="Known Exploited Vulnerability">KEV</abbr> catalogue as well</strong>. <abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> strongly recommends all stakeholders include a requirement to immediately address <abbr title="Known Exploited Vulnerability">KEV</abbr> catalogue vulnerabilities as part of their vulnerability management plan.</p>

print_page/index.html

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3842,6 +3842,22 @@ <h3 id="epss-epss_thresholds-monte-carlo-simulation-for-a-typical-enterprise">Mo
38423842
</li>
38433843
</ul>
38443844
</div>
3845+
<div class="admonition info">
3846+
<p class="admonition-title"><abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> <abbr title="Known Exploited Vulnerability">KEV</abbr> currently includes ~1.1K CVEs, and defines criteria for inclusion</p>
3847+
<p><abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> Known Exploited Vulnerabilities Catalog (<abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> <abbr title="Known Exploited Vulnerability">KEV</abbr>) is a source of vulnerabilities that have been exploited in the wild</p>
3848+
<p>There's several criteria including:</p>
3849+
<div class="admonition quote">
3850+
<p class="admonition-title">Quote</p>
3851+
<p>"A vulnerability under active exploitation is one for which there is reliable evidence that execution of malicious code was performed by an actor on a system without permission of the system owner." </p>
3852+
<p>"Events that do not constitute as active exploitation, in relation to the <abbr title="Known Exploited Vulnerability">KEV</abbr> catalog, include:</p>
3853+
<ul>
3854+
<li>Scanning</li>
3855+
<li>Security research of an exploit</li>
3856+
<li>Proof of Concept (PoC)</li>
3857+
</ul>
3858+
<p><a href="https://www.cisa.gov/known-exploited-vulnerabilities">https://www.cisa.gov/known-exploited-vulnerabilities</a> </p>
3859+
</div>
3860+
</div>
38453861
<div class="admonition quote">
38463862
<p class="admonition-title">Quote</p>
38473863
<p>“All federal civilian executive branch (FCEB) agencies are required to <abbr title="The neutralization or elimination of a vulnerability or the likelihood of its exploitation.">remediate</abbr> vulnerabilities in the <abbr title="Known Exploited Vulnerability">KEV</abbr> catalog within prescribed timeframes under Binding Operational Directive (BOD) 22-01, Reducing the Significant <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> of Known Exploited Vulnerabilities. Although not bound by BOD 22-01, every organization, including those in state, local, tribal, and territorial (SLTT) governments and <strong>private industry can significantly strengthen their security and resilience posture by prioritizing the remediation of the vulnerabilities listed in the <abbr title="Known Exploited Vulnerability">KEV</abbr> catalogue as well</strong>. <abbr title="Cybersecurity &amp; Infrastructure Security Agency">CISA</abbr> strongly recommends all stakeholders include a requirement to immediately address <abbr title="Known Exploited Vulnerability">KEV</abbr> catalogue vulnerabilities as part of their vulnerability management plan.</p>

search/search_index.json

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.

sitemap.xml

Lines changed: 36 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -2,182 +2,182 @@
22
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
33
<url>
44
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/</loc>
5-
<lastmod>2024-02-22</lastmod>
5+
<lastmod>2024-02-23</lastmod>
66
<changefreq>daily</changefreq>
77
</url>
88
<url>
99
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/annex/Glossary/</loc>
10-
<lastmod>2024-02-22</lastmod>
10+
<lastmod>2024-02-23</lastmod>
1111
<changefreq>daily</changefreq>
1212
</url>
1313
<url>
1414
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/cisa_kev/cisa_kev/</loc>
15-
<lastmod>2024-02-22</lastmod>
15+
<lastmod>2024-02-23</lastmod>
1616
<changefreq>daily</changefreq>
1717
</url>
1818
<url>
1919
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/cvss/CVSS/</loc>
20-
<lastmod>2024-02-22</lastmod>
20+
<lastmod>2024-02-23</lastmod>
2121
<changefreq>daily</changefreq>
2222
</url>
2323
<url>
2424
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/Applying_EPSS_to_your_environment/</loc>
25-
<lastmod>2024-02-22</lastmod>
25+
<lastmod>2024-02-23</lastmod>
2626
<changefreq>daily</changefreq>
2727
</url>
2828
<url>
2929
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/EPSS_Thresholds/</loc>
30-
<lastmod>2024-02-22</lastmod>
30+
<lastmod>2024-02-23</lastmod>
3131
<changefreq>daily</changefreq>
3232
</url>
3333
<url>
3434
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/EPSS_and_CISA_KEV/</loc>
35-
<lastmod>2024-02-22</lastmod>
35+
<lastmod>2024-02-23</lastmod>
3636
<changefreq>daily</changefreq>
3737
</url>
3838
<url>
3939
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/Introduction_to_EPSS/</loc>
40-
<lastmod>2024-02-22</lastmod>
40+
<lastmod>2024-02-23</lastmod>
4141
<changefreq>daily</changefreq>
4242
</url>
4343
<url>
4444
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/What_users_ask_for/</loc>
45-
<lastmod>2024-02-22</lastmod>
45+
<lastmod>2024-02-23</lastmod>
4646
<changefreq>daily</changefreq>
4747
</url>
4848
<url>
4949
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/abbreviations/</loc>
50-
<lastmod>2024-02-22</lastmod>
50+
<lastmod>2024-02-23</lastmod>
5151
<changefreq>daily</changefreq>
5252
</url>
5353
<url>
5454
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/epss_threshold/</loc>
55-
<lastmod>2024-02-22</lastmod>
55+
<lastmod>2024-02-23</lastmod>
5656
<changefreq>daily</changefreq>
5757
</url>
5858
<url>
5959
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/plots_cvss_epss/</loc>
60-
<lastmod>2024-02-22</lastmod>
60+
<lastmod>2024-02-23</lastmod>
6161
<changefreq>daily</changefreq>
6262
</url>
6363
<url>
6464
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/vendor_warning/</loc>
65-
<lastmod>2024-02-22</lastmod>
65+
<lastmod>2024-02-23</lastmod>
6666
<changefreq>daily</changefreq>
6767
</url>
6868
<url>
6969
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/vulns_exploited/</loc>
70-
<lastmod>2024-02-22</lastmod>
70+
<lastmod>2024-02-23</lastmod>
7171
<changefreq>daily</changefreq>
7272
</url>
7373
<url>
7474
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/Introduction/</loc>
75-
<lastmod>2024-02-22</lastmod>
75+
<lastmod>2024-02-23</lastmod>
7676
<changefreq>daily</changefreq>
7777
</url>
7878
<url>
7979
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/Scope/</loc>
80-
<lastmod>2024-02-22</lastmod>
80+
<lastmod>2024-02-23</lastmod>
8181
<changefreq>daily</changefreq>
8282
</url>
8383
<url>
8484
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/code_and_data/</loc>
85-
<lastmod>2024-02-22</lastmod>
85+
<lastmod>2024-02-23</lastmod>
8686
<changefreq>daily</changefreq>
8787
</url>
8888
<url>
8989
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/contributors/</loc>
90-
<lastmod>2024-02-22</lastmod>
90+
<lastmod>2024-02-23</lastmod>
9191
<changefreq>daily</changefreq>
9292
</url>
9393
<url>
9494
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/Organization_requlated/</loc>
95-
<lastmod>2024-02-22</lastmod>
95+
<lastmod>2024-02-23</lastmod>
9696
<changefreq>daily</changefreq>
9797
</url>
9898
<url>
9999
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/Yahoo/</loc>
100-
<lastmod>2024-02-22</lastmod>
100+
<lastmod>2024-02-23</lastmod>
101101
<changefreq>daily</changefreq>
102102
</url>
103103
<url>
104104
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/acme/Applied/</loc>
105-
<lastmod>2024-02-22</lastmod>
105+
<lastmod>2024-02-23</lastmod>
106106
<changefreq>daily</changefreq>
107107
</url>
108108
<url>
109109
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/acme/EDA/</loc>
110-
<lastmod>2024-02-22</lastmod>
110+
<lastmod>2024-02-23</lastmod>
111111
<changefreq>daily</changefreq>
112112
</url>
113113
<url>
114114
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/requirements/Requirements/</loc>
115-
<lastmod>2024-02-22</lastmod>
115+
<lastmod>2024-02-23</lastmod>
116116
<changefreq>daily</changefreq>
117117
</url>
118118
<url>
119119
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Back_of_napkin/</loc>
120-
<lastmod>2024-02-22</lastmod>
120+
<lastmod>2024-02-23</lastmod>
121121
<changefreq>daily</changefreq>
122122
</url>
123123
<url>
124124
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Data_Sources/</loc>
125-
<lastmod>2024-02-22</lastmod>
125+
<lastmod>2024-02-23</lastmod>
126126
<changefreq>daily</changefreq>
127127
</url>
128128
<url>
129129
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Log4Shell/</loc>
130-
<lastmod>2024-02-22</lastmod>
130+
<lastmod>2024-02-23</lastmod>
131131
<changefreq>daily</changefreq>
132132
</url>
133133
<url>
134134
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Takeaway/</loc>
135-
<lastmod>2024-02-22</lastmod>
135+
<lastmod>2024-02-23</lastmod>
136136
<changefreq>daily</changefreq>
137137
</url>
138138
<url>
139139
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Understanding_Risk/</loc>
140-
<lastmod>2024-02-22</lastmod>
140+
<lastmod>2024-02-23</lastmod>
141141
<changefreq>daily</changefreq>
142142
</url>
143143
<url>
144144
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Vulnerability_Landscape/</loc>
145-
<lastmod>2024-02-22</lastmod>
145+
<lastmod>2024-02-23</lastmod>
146146
<changefreq>daily</changefreq>
147147
</url>
148148
<url>
149149
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/SSVC/</loc>
150-
<lastmod>2024-02-22</lastmod>
150+
<lastmod>2024-02-23</lastmod>
151151
<changefreq>daily</changefreq>
152152
</url>
153153
<url>
154154
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/decision_trees/</loc>
155-
<lastmod>2024-02-22</lastmod>
155+
<lastmod>2024-02-23</lastmod>
156156
<changefreq>daily</changefreq>
157157
</url>
158158
<url>
159159
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/decision_trees_from_scratch/</loc>
160-
<lastmod>2024-02-22</lastmod>
160+
<lastmod>2024-02-23</lastmod>
161161
<changefreq>daily</changefreq>
162162
</url>
163163
<url>
164164
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/EdgeScan/</loc>
165-
<lastmod>2024-02-22</lastmod>
165+
<lastmod>2024-02-23</lastmod>
166166
<changefreq>daily</changefreq>
167167
</url>
168168
<url>
169169
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Microsoft_Exploitability_Index/</loc>
170-
<lastmod>2024-02-22</lastmod>
170+
<lastmod>2024-02-23</lastmod>
171171
<changefreq>daily</changefreq>
172172
</url>
173173
<url>
174174
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Qualys/</loc>
175-
<lastmod>2024-02-22</lastmod>
175+
<lastmod>2024-02-23</lastmod>
176176
<changefreq>daily</changefreq>
177177
</url>
178178
<url>
179179
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/vendors/</loc>
180-
<lastmod>2024-02-22</lastmod>
180+
<lastmod>2024-02-23</lastmod>
181181
<changefreq>daily</changefreq>
182182
</url>
183183
</urlset>

sitemap.xml.gz

1 Byte
Binary file not shown.

0 commit comments

Comments
 (0)